Alerts This Week
Warning Icon 1 677
Alerts This Week
Warning Icon 1 677

Stay Ahead With Linux Security Features

Siem Architecture Hero Esm H350
Price Tag 1threat detection scalability

Building a SIEM is easier than scaling one. Most open-source deployments start as a simple "all-in-one" server. It is easy to set up, but that design rarely survives the transition from a lab to a production workload. . A SIEM watching 20 endpoints is not doing the same job as one watching 500. More endpoints mean more logs; more logs require more storage; more storage makes search heavier. Eventually, the very architecture that made your lab easy to deploy becomes the reason your production...
1 min read
Http2 Bomb Hero 2026 Esm H350
Price Tag 1security advisory apache

A newly disclosed attack technique called HTTP/2 Bomb is drawing attention because it targets the software that sits at the front of much of the Linux internet. Apache HTTP Server, NGINX, Envoy, and the ingress layers that many Kubernetes environments depend on can be forced into consuming disproportionate amounts of memory using relatively small amounts of attacker traffic. . For Linux administrators, the concern is not the HTTP/2 protocol itself. It is the possibility that a single...
3 - 5 min read
Supply Chain Risk Starts At The Workstation Hero Esm H350
Price Tag 1security advisory important

The compromise of Nx Console shows how much infrastructure now sits behind a single developer account. GitHub repositories, CI/CD pipelines, container build systems, Terraform projects, Kubernetes deployments. None of those systems was the initial target. The workstation was. . Attackers did not need a Linux privilege escalation bug or a remote code execution chain. They needed developers to trust a tool they were already using. For many organizations, that was enough. What Happened? Federal...
3 - 5 min read
Persistence Tricks Hero Esm H350
Price Tag 1security advisory open-source

You remove the malware. You rotate the compromised credentials. You patch the original vulnerability and close the ticket. Two weeks later, the attacker is back. . What happened? You didn't lose the battle at the exploit; you lost it at the cleanup. In many modern Linux intrusions, the malware you found wasn't the main problem—it was the fallback mechanisms left behind. These hooks quietly restore attacker access the moment you look away. If you clean a host but miss these persistence layers,...
4 - 7 min read
Red Hat Npm Hero Esm H350
Price Tag 1security advisory Red Hat

Researchers investigating a campaign now tracked as Miasma found that more than 30 packages in Red Hat's @redhat-cloud-services npm namespace had been altered to deliver credential-stealing malware. . The packages weren't being used to deploy ransomware or sabotage systems. From what has been reported so far, the objective appears to have been much simpler: collect credentials from developer environments and use that access elsewhere. GitHub tokens, cloud credentials, SSH keys, and other...
3 - 6 min read
Filter Icon Refine features
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security features

We found -4 articles for you...
102
General Esm H240
Price Tag 1security advisorychunk encodinglinux

Apache Chunk Encoding Exploit: Insights on Controversy and Responses

The recent situation regarding the Apache Chunk Encoding Vulnerability has caused plenty of controversy in the security industry. It initially began with the community dislike of the release of information. . Then it was debated as to weather or not this was really an exploitable vulnerability. And after listening to all the debates about the chunk encoding vulnerability, Gobbles "got fed up." They released the vulnerability apache_scalp.c because, "We had read too much bullshit from `experts' concerning the bug, and their idiotic statements as to why it isn't exploitable, and how lucky the world is because it wasn't exploitable..." Gobbles Security released this exploit on Wednesday to prove that people, even those in the security world, can overlook the obvious. According to Gobbles, there are exploits written for the other platforms (linux, solaris, etc) however there is no need to release them now. Now that everyone has a better understanding of the severity of this problem, it is more likely that the appropriate actions will be taken. They have not decided on a date as to when to release the rest of the exploits. Taking a look at the initial comments in the apache_scalp.c source code, one can infer that with determination, any vulnerability can become an exploit. Just another reminder to security experts not to let your guard down. EEYE has released a free tool to test your version of apache to see weather or not you need the patch. It is available here. According to the apache_scalp.c source code, the following, at the very least, are exploitable: Sun Solaris 6-8 (sparc/x86) FreeBSD 4.3-4.5 (x86) OpenBSD 2.6-3.1 (x86) Linux (GNU) 2.4 (x86) . The Apache chunk encoding vulnerability has sparked discussions on exploitability and mitigation strategies among security experts, emphasizing rigorous testing and coding practices. Apache Vulnerability, Chunk Encoding, Exploit Release, Security Assessment, Exploit Development. . Brittany Day

Calendar 2 Jun 28, 2002 User Avatar Brittany Day
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here